Last week I asked what people think about me not displaying a list of all security flaws fixed each week. I got one reader who was interested in seeing this list, but in general I received little feedback. Given there are already good places to find this information, I think duplicating it here would be a bit of a waste.
Updates for Red Hat Enterprise Linux are best viewed from the Enterprise Watch List archives, or Red Hat Network.
Updates for Fedora can be found in Fedora Weekly News.
Fedora Security Response Team
The Fedora Security Response Team is slowly taking shape. The team will be responsible for all Fedora security updates in Fedora 7 and beyond. Creating a security team is not a trivial task, and I believe it's best done in an organic manner. Anytime anyone tries to create a process around anything regarding security, it often ends up being overly complex. By keeping things simple from the start and adding process as needed, it's more likely the security team will be a success. If you have an interest in helping the Fedora Security Response Team, more information can be found here.
krb5
The biggest update last week would have to be Kerberos. There were three flaws fixed, but the really scary one was a flaw in the MIT krb5 telnet daemon. The telnet daemon shipped in krb5 allows for encrypted telnet sessions. As most people know, it is unwise and unsafe to use unencrypted telnet to connect to a remote machine. The flaw could allow a remote user to log in as root, without a password. Anytime there is a remote flaw such as this, it's rather scary given the potential for a worm attack.
I've been asked to write a security blurb for Fedora Weekly News. The basic idea is that they will be mostly syndicating what I write here, just with a Fedora slant, and they get it a day early. I see no problem with this and honestly, I'm all for anything that will help make Fedora better.